fscrypto: require write access to mount to set encryption policy

#include <linux/random.h>

#include <linux/string.h>

#include <linux/fscrypto.h>

#include <linux/mount.h>

static int inode_has_encryption_context(struct inode *inode)

{

	return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL);

}

int fscrypt_process_policy(struct inode *inode,

int fscrypt_process_policy(struct file *filp,

				const struct fscrypt_policy *policy)

{

	struct inode *inode = file_inode(filp);

	int ret;

	if (!inode_owner_or_capable(inode))

		return -EACCES;

	if (policy->version != 0)

		return -EINVAL;

	ret = mnt_want_write_file(filp);

	if (ret)

		return ret;

	if (!inode_has_encryption_context(inode)) {

		if (!S_ISDIR(inode->i_mode))

			return -EINVAL;

		if (!inode->i_sb->s_cop->empty_dir)

			return -EOPNOTSUPP;

		if (!inode->i_sb->s_cop->empty_dir(inode))

			return -ENOTEMPTY;

		return create_encryption_context_from_policy(inode, policy);

			ret = -EINVAL;

		else if (!inode->i_sb->s_cop->empty_dir)

			ret = -EOPNOTSUPP;

		else if (!inode->i_sb->s_cop->empty_dir(inode))

			ret = -ENOTEMPTY;

		else

			ret = create_encryption_context_from_policy(inode,

								    policy);

	} else if (!is_encryption_context_consistent_with_policy(inode,

								 policy)) {

		printk(KERN_WARNING

		       "%s: Policy inconsistent with encryption context\n",

		       __func__);

		ret = -EINVAL;

	}

	if (is_encryption_context_consistent_with_policy(inode, policy))

		return 0;

	printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",

	       __func__);

	return -EINVAL;

	mnt_drop_write_file(filp);

	return ret;

}

EXPORT_SYMBOL(fscrypt_process_policy);

				   (struct fscrypt_policy __user *)arg,

				   sizeof(policy)))

			return -EFAULT;

		return fscrypt_process_policy(inode, &policy);

		return fscrypt_process_policy(filp, &policy);

#else

		return -EOPNOTSUPP;

#endif

{

	struct fscrypt_policy policy;

	struct inode *inode = file_inode(filp);

	int ret;

	if (copy_from_user(&policy, (struct fscrypt_policy __user *)arg,

							sizeof(policy)))

		return -EFAULT;

	ret = mnt_want_write_file(filp);

	if (ret)

		return ret;

	f2fs_update_time(F2FS_I_SB(inode), REQ_TIME);

	ret = fscrypt_process_policy(inode, &policy);

	mnt_drop_write_file(filp);

	return ret;

	return fscrypt_process_policy(filp, &policy);

}

static int f2fs_ioc_get_encryption_policy(struct file *filp, unsigned long arg)

extern int fscrypt_zeroout_range(struct inode *, pgoff_t, sector_t,

						unsigned int);

/* policy.c */

extern int fscrypt_process_policy(struct inode *,

					const struct fscrypt_policy *);

extern int fscrypt_process_policy(struct file *, const struct fscrypt_policy *);

extern int fscrypt_get_policy(struct inode *, struct fscrypt_policy *);

extern int fscrypt_has_permitted_context(struct inode *, struct inode *);

extern int fscrypt_inherit_context(struct inode *, struct inode *,

}

/* policy.c */

static inline int fscrypt_notsupp_process_policy(struct inode *i,

static inline int fscrypt_notsupp_process_policy(struct file *f,

				const struct fscrypt_policy *p)

{

	return -EOPNOTSUPP;